.NET control no longer loads in IE8 in Internet Zone

Hello There!

 

Veena here to discuss an important change made in Internet Explorer 8 that could impact you. With Internet Explorer 8 it is no longer possible to load .NET controls in Internet zone under the default(medium-high) security setting.

In Internet Explorer 8, we have added a new UI-less URLAction (0x2005) that we check before loading the .NET MIME Filter, mscorie.dll,  for content from the Internet zone. And by default it is set to DISABLE in Medium-High/High templates which are the default security templates used by Internet Zone and Restricted Sites Zone respectively. This URLAction is enabled by default in the other security zones.

This change prevents the loading of mscorie.dll for a .NET control on a page, if that control's URL has a "DISABLED" policy for the new 0x2005 UrlAction. Please note that this URLAction cannot be configured via the Internet options control panel. This change is further discussed here.

Mscorie.dll, contains a Multipurpose Internet Mail Extensions (MIME) Type Filter. This filter hooks into Internet Explorer and monitors all incoming data streams with the MIME type application/octet-stream. A primary role of this filter is to examine the incoming stream to see whether or not the stream is managed code. If the filter determines that the incoming data is a .NET Framework module, the filter loads a managed assembly named IEHost which then handles loading the .NET control. The following KB article discusses this in more detail:

https://support.microsoft.com/kb/311301

If you want to allow loading .NET controls for any web site that is impacted by this change, you can add it to the trusted sites zone. But please note that the site that needs to be added is that of the control and not that of the page. Alternatively, you can set the above URLAction to enable in the registry but please note that this can compromise the security of your system.

 

Regards,

The IE Support Team